[xacml] XACML November 7, 2002 Minutes

[Ken Yagen <kyagen@crosslogix.com>]

Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, November 7, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998

 

Summary

Final set of issues were resolved and specification was approved unanimously as a committee spec. There was also a unanimous vote to move forward to next stage in becoming an OASIS standard, the public review. This will begin as soon as the specification is posted to the website which will happen tomorrow.

                  

Action Items

1. Anne Anderson to get comments to Tim Moses on the use of LDAP to store policies by 12/13
2. Anne Anderson to update the digital signature profile by 12/20
3. Hal to propose XACML changes for SAML, included text and schema change for initial issue already submitted to SSTC by 11/12.
4. Simon to create SAML profile document (due after finalization of spec) by 12/20
5. Hal Lockhart to release updated XACML primer by end of week
6. Tim to generate 1.0 committee spec
7. Michiharu to post spec to website in word and PDF format with text from Carlisle
8. Carlisle to draft notice and send to Karl of public review
9. Bill to create PDF of specification and post to list.
10. Committee chairs will coordinate publicizing of public review

 

 

Votes

Approved minutes of 10/31 Meeting

Voted to accept proposal of issue 92

Voted to drop the isPresent element for four attribute designators..

Voted to accept SubjectAttributeDesignator instead of Categorized SubjectAttributeDesignator.

Accepted resolution of 162

Accepted change of reference for floating point arithmetric

Voted to approve Committee Spec the current specification plus changes agreed upon today as a committee specification and will be called version 1.0.

 

 

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review
10:05-10:10 Vote to accept minutes of October 31 concall
http://lists.oasis-open.org/archives/xacml/200210/msg00318.html
10:10-10:15 Review action items from minutes
10:15-10:50 Discussion of any remaining items on spec
10:50-10:55 Vote to approve Committee Specification
(requires 2/3 of members voting, no more than 1/4 disapproval)
                  Vote to begin public review period (in preparation for submission to OASIS)
(requires majority approval)
10:55-11:00 Discuss plan to get to OASIS Standard
(face-to-face useful/necessary?)

 

Roll Call

Voting Members

Ken Yagen, Crosslogix

Daniel Engovatov, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Tim Moses, Entrust

Don Flinn, Hitachi

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Steve Anderson, OpenNetwork

Simon Godik, Overxeer

Bill Parducci, Overxeer

Polar Humenn, Self

Anne Anderson, Sun Microsystems

Gerald Brose, Xtradyne

 

Prospective Members

 

Raw Minutes (taken by Ken Yagen)

Motion to approve and accept minutes of 10/31

Review of action items

1 and 2 are future items. 12/15 for 1 and 12/20 for 2.

Hal plans to submit changes described in Anne's email prior to next week's SAML meeting. Already submitted but Hal will be proposing specific text and schema for 11/12 meeting of SSTC. Anne had volunteered previously to go through text and schema and collect list of issues for SAML. Hal - other changes would be longer term possibly - SAML 2.0 such as a new auth decision type. Hal agrees to work on it but not soon.

SAML profile document - do we need to go through public review. If OASIS standard, should do public review.  Need to decide status as document - informational, committee spec, OASIS standard. Will not link to XACML 1.0 for now. 12/20 tentative date to complete.

XACML primer - Hal a little behind but this week. Michiharu wrote XSLT proposal. Should be updated. Will look to get that out 12/20.

Discussion of list of contributors - Tim not judging who contributed, going by who was a member at one time and who is now a member.

 

Polar drafted new section on attributes, anne tweaked and sent to Tim

 

92 waiting on Polar's action item, edited must be present attribute and was resolved in subcommittee. Now section 7.9. Had approved text for three new sections and sent to Polar to redraft to include new attribute. Voted and approved.

 

Present Function waiting on semantics of qualified subject attribute designator. No longer have qsad but still present in some parts of text and needs to be edited. Propose to accept text. Simon would like to not include isPresent element because it can be done with current text. Propose to delay until XACML 1.1 and not include. Anne believes it has simplicity and is efficient. Polar - Give way to specify attributes match but has no elements or value and don't have to retrieve elements. Daniel - if needed someone can extend using extension point and added later. Anne believes it adds way to express an attribute is present if it has no value. Currently all operators will return indeterminate if no value. Example authorization certificate may have OID for attribute that means are member of group or role and merely having the attribute means you have the privilege.

Vote to keep or drop the proposed elements: isPresent for Resource, Subject, Action and Environment Attribute Designator.

Vote: 7 to drop, 6 to keep, 1 to abstain

Simon will modify section 5 and send to Tim to reflect change

 

Added must be present XML attribute and decided to drop subject attribute designator where. Voted to approve

Simon proposed name change to subject attribute designator instead of categorized subject attribute designator. Not being retrieved from just any subject.

Categorized or Not. Vote is 6 Not, 5 Categorize, 3 Abstain. Will accept Subject Attribute Designator

 

Issue 162 - all attributes of same subject category will be lumped together accepted

Issue 156 obligation type (editorial)

Moving from decimal to double - no document reference for arithmetic standard. Proposed refer to IE document that describes floating arithmetic. Already included in document. IBM doc still cited in one place and will be corrected.

 

Several other small editorial items reviewed and accepted. Refer to change list for specifics.

 

Vote to approve Committee Spec the current specification plus changes agreed upon today as a committee specification and will be called version 1.0.

Voted to approve:

Ken Yagen, Crosslogix

Daniel Engovatov, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Tim Moses, Entrust

Don Flinn, Hitachi

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Steve Anderson, OpenNetwork

Simon Godik, Overxeer

Bill Parducci, Overxeer

Polar Humenn, Self

Anne Anderson, Sun Microsystems

Gerald Brose, Xtradyne

 

No objections or abstains

 

Not required to go ahead to OASIS standard. If wish to go ahead, need to vote to go forward to Public Review period.

Vote to proceed to public review:

Ken Yagen, Crosslogix

Daniel Engovatov, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Tim Moses, Entrust

Don Flinn, Hitachi

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Steve Anderson, OpenNetwork

Simon Godik, Overxeer

Bill Parducci, Overxeer

Polar Humenn, Self

Anne Anderson, Sun Microsystems

Gerald Brose, Xtradyne

 

No objections or abstains

 

Tim will make final revisions agreed to and sent to Michiharu for posting on website. Carlisle will then send a note to Karl Best to make notification of public comment period. We should publicize everywhere we can so post notice to XACML list if you publicize somewhere. Karl proposed wording for announcement so we should use that. Bill and Polar had made a list of places to post.

 

Bill will generate PDF for posting to the website as well. Carlisle will send text to Michiharu for the message on the website.

 

Face to Face proposal

Plan a day for a teleconference on Monday 12/9 to review comments. Possibly a full day teleconference.

 

Will do a weekly analysis of comments as received on normal calls (Monday or Thursday).

 

Anne posted a proposal for handling comments. Comments come in on XACML comments and Anne will receive and acknowledge them and review them. Monday call would be for discussion of comments.

 

Comment period will end 12/8 and 12/9 will have meeting to resolve final issues. On 12/12 will revote to approve committee spec if feel complete and Friday submit to OASIS.

 

No call this coming Monday 11/11.

 

Adjourn